Clearing Up Some Internet Connectivity Issues

In this lab I will clear up some fundamental connectivity issues with respect to how the Network Administrator connects network equipment to establish Internet connection for an organization. All IP addresses used below are fictitious and are for lab purposes only.

When my friend purchased a 17Mbps Up and 5 Mbps Down PPPoE Fiber DSL connection from ISP X, he was given two blocks of IP addresses:

On the WAN Block:

Single IP: 175.119.251.243

On the DMZ Block:

32 IP addresses: 92.171.59.224/27

The issue is that he cannot use the WAN IP as a manual IP address. The router was setup to be the PPPoE initiator and it is automatically assigned with the WAN IP of 175.119.251.243 when the PPPoE connection is established.

The physical connection is as follows:

Every time the ADMIN PC goes out to the Internet, it is interpreted as 92.171.59.253, which is the desired setting that we want.

He then purchased a 10 Mbps Up and 10 Mbps Down Fiber connection from ISP Y and was given two blocks of IP addresses:

On the WAN Block:

138.101.157.142

255.255.255.252

138.101.157.141

On the DMZ Block:

138.99.157.0/24

My friend designed the network this way:

The problem with this design is that whenever the ADMIN computer wants to access the Internet, it is being NATTED to the IP address 138.101.157.142 regardless what IP address (in the range of 138.99.157.4 – 138.99.157.253) he assigns to the ADMIN PC.

So I suggested my friend to call ISP Y and ask them to re-route traffic to the /24 block instead of the WAN block. This would involve the followings:

1/ I need to remove the Cisco 2600 router out of the equation.

2/ Connect the Fiber Optic MC directly to the PIX Firewall.

3/ Have the ISP make a small change to route traffic to the /24 subnet instead of the /30 subnet. This strategy requires that we let the ISP use 138.99.157.1. Every device on the public switch will need to point to 138.99.157.1 as the default gateway. Additionally, there is no configuration changes needed to be done on the PIX firewall as the route to the outside is still to 138.99.157.1 as before.

After that, the connection looks like the following:

 

Now on the ADMIN PC, the public IP address shows as 138.99.157.100 on “whatismyip.com,” exactly the way my friend wants it.